Early this week I was in a couple of halo meeting sessions with folks in our Bangalore India location, taking about "the next big thing". It reminded me that the last thing we worked on - exposing an extensible rules engine into the allocation and placement - was part of the BladeSystem Matrix 6.0 release. I wanted to talk a little about that capability today and give an example of how it can be used in deployments involving multi-tenancy.

BladeSystem Matrix Allocation and Placement Rules

Allocation and placement has always been a key function of BladeSystem Matrix.

When multi-tier service designs (represented my templates) are submitted for instantiation, it is the allocation and placement function that looks at the requirements for the service in terms of individual element specifications, desired service topology and lease period and them binds these to the available resources in the environment based on their characteristics and capacity, availability calendar, and physical topology.

In BladeSystem Matrtix 6.0, this allocation process can be customized by an extensible rules engine. Overall there are 18 different allocation rule sets that can be extended as shown in figure 1. The policy.xml file specifies which of the rule sets should be used. These are further explained the in the Insight Orchestration User Guide on page 48.

Figure 1 Extensible Rules sets

Mutl-tenancy Example

A very common use case I hear from customers is the desire to have a common design for a service but to have some aspects of the resource binding to be determined by the identity of the service owner.

In this scenario, we consider a provider who is servicing two competitors like Marriott and Hilton hotels but wants to put offer a common service template in the catalog. The desire is that when Marriott deploy a new instance of the service, that service instance would connect to Marriott-Corporate network segment. However, if Hilton deploy the service, then their service instance would connect to the Hilton Corporate network segment.

Figure 2. Pre-configured networks for the two competing corporations

Setting up your Service Template

Here we show a portion of a simple single server template as an illustrative example. This is a multi-homed server with

1. a connection to the corporate network. The network is named "@corporate". Later on in the rule engine we will look for the "@" sign in the name to trigger special rules processing

2. a connection to an internal network private to the service "net1".

Figure 3 Sample Multi-tenancy configuration

Adding the processing Rule

The rules engine is based on Drools. The rules are written expressed in Java with a Drools rule semantic wrapper. I'll give you a boiler plate wrapper to get you started below. This rule and the Java function are appended to the SubnetCheck.drl file. I'm going to show a very simple example, but can imagine that the creative community will quickly come up with some more sophisticated implementations. In figure 4, I show a simple rule. The rules processing is invoked to refine the candidate networks for allocation to the new service instance. The rule runs for each network (LogicalNetwork) specified in the template, and for each candidate network in the environment. The purpose of the rule processing is to discard candidates that "don't fit".

This snippet basically extracts the information about the subnet specification in the template (the $logicalSubnet), the candidate list of networks ($subnet) from the context ($pVO). It invokes a function customerSpecificSubnetCriteriaCheck to perform the actual processing.

The function starts by getting the information on the InfrastructureService being provisioned. This contains details of the entire template being provisioned and can be used for additional context aware processing. From this object we extract the service owner name (stripping off the windows domain), as well as the name of the service. It is also possible to extract information such as the "notes" that are specified for the service where additional information may also be encoded by the requestor. From the LogicalNetwork object we extract the name (ie "@Corporate" or "net1") in lsName. Similarly we extract the physical network name into psName.

I've included some debug lines using System.out.println . These show up in C:\Program Files\HP\Insight Orchestration\logs\hpio.log.

The purpose of this code is to return "FALSE" if the physical network is not a match candidate for the LogicalNetwork specified in the template, otherwise return "TRUE". The rules processing logic requires that if the rule allows an element to be a selection candidate, then the function pVO.match must be invoked for that element. If the element is to be eliminated from consideration, then pVO.doesNotMatch() needs to be invoked listing a reason for the exclusion. As a matter of coding style, you can either include the calls to both these routines in your custom function, OR you can just include the pVO.doesNotMatch() code in the function, and put the pVO.match() innocation in the body of the rule.

For logical networks not beginning with a "@" we just want to return TRUE and let the normal selection rules apply. For networks beginning with "@" we will be more selective, excluding candidates unless they match a specific pattern. For a logical network specified in the template with name of the form "@key" we want it to match against physical networks named "owner-key", where owner is the id of the requesting user. The logic looks for a lsName beginning with "@" and then strips off the "@" to create the key. We then test the physical server name to see if it matches the owner-key pattern.

Configuring the Code

To configure the use of the rules processing, edit C:\Program Files\HP\Insight Orchestration\conf\policy\policy.xml As shown in Figure 6. Once you have updated the policy.xml file you will need to restart the Insight Orchestration service.

Provisioning the Service

Now we are ready to deploy the service. Logging on as user Marriott, I create the service using the template shown earlier in Figure 2. Once the provisioning completes, I can look at the service details page for more information about the service. Select the network named "@Corporate" and then click on the resource details tab. From there I see that the network has indeed been mapped to the Marriott-Corporate network by the customer allocation rules processing.

Figure 3 Provisioned Service details

Conclusion

The rules based processing capabilities in BladeSystem Matrix enables simple realization of customized resource allocation processing that can be used to simplify and extend Matrix template deployment. I hope this example helps others to quickly understand the capabilities enabled through this powerful engine and gives a "Quick Start" to writing your own custom rules. If you have cool examples of rule extensions you have implemented, I'd be interested in hearing about them.

Thanks to Manjunatha Chinnaswamynaika for helping me to create this example.

Well it is February already and I am just now fulfilling one of my New Year’s resolutions – to start blogging more often.So here I go.

Last week, I had the opportunity to spend a few minutes chatting with Steve Kaplan, a vice president at INX, a Cisco reseller.Steve is also the author of the blog “By the Bell” where late last year he compared Cisco UCS to HP BladeSystem Matrix.He and I had the chance to compare our points of view on the applicability of blades.Needless to say, our point of view here at HP is quite different from Steve’s support of UCS.

Here is a summary of a couple of areas that perhaps Steve and I do not yet see eye to eye.

1.We at HP do not see UCS as comparable in functionality to BladeSystem Matrix, which we believe is in a category by itself.Why is this?Unlike other offerings that manage servers or VMs one at a time, Matrix uniquely allows customers to provision and manage the infrastructure of an entire application all at once – all the servers, VMs, storage, networks, and server images – through a service catalog based provisioning portal.Further, Matrix also has built-in capacity planning tools and disaster recovery tools that are not found in UCS.

2.We believe that data center power and cooling are substantial costs and challenges for customers and warrant significant attention.It appears to me that Cisco has largely ignored this in their UCS design.Not mentioned in Steve’s analysis is the ability for BladeSystem to throttle the power consumption of most chassis components that consume power including CPUs, memory, fans and power supplies to keep infrastructure running efficiently all the time.Also not mentioned is that UCS requires up to double the amount of data center power allocated per server compared to BladeSystem.

While Steve’s analysis is very detailed, he omits general descriptions of the very capabilities of BladeSystem and BladeSystem Matrix that have made BladeSystem the most popular blades platform on the planet – with over 1.6 million blades sold.(These can be found at www.hp.com/go/bladesystem and www.hp.com/go/matrix).Anyone interested in hearing more of what I have to say about converged infrastructure and BladeSystem can check out this Information Week article.

I appreciate Steve taking the time to write on blades, one of my favorite topics!I hope the dialogue over what customers find important for their IT infrastructure continues, as this is an important topic for our industry.Our many years in the blades business has taught us a lot, and we always look forward to the opportunity to share with customers the technologies we can bring to help them save time, reduce power and cut costs associated with managing IT infrastructure, all while becoming more efficient.

How does DDR3 memory work and one of the new features is memory lock-step capabilities?

Lock-step mode is an advanced memory protection feature supported in many of the G6 servers announced yesterday (3/30/09), including the BL460c G6 and BL490c G6. It takes two of the Xeon 5500 processor's three memory channels and runs them together, which enables 8-bit error correction instead of the 4-bit correction you get in normal Advanced ECC (non-lockstep) mode. Positives1) Achieves the same level of protection as ChipKill*, so there are some additional scenarios in which the system can correct memory errors. Negatives: (1) You have to leave one of the three memory channels on each processor un-populated, so you cut your available number of DIMM slots by 1/3. (2) Performance is measurably slower than normal Advanced ECC mode.(3) You can only isolate uncorrectable memory errors to a pair of DIMMs (instead of down to a single DIMM). Lock-Step mode is not default operation; it must be enabled in RBSU. We don't know how many customers will want to use it. *Normal" ECC can correct single-bit errors and detect double-bit errors. HP's term "Advanced ECC" means that the server corrects single-bit errors, detects multi-bit errors, and corrects some multi-bit errors that occur on the same DRAM. Advanced ECC is not the exact same thing as ChipKill, which is an IBM term. In some but not all scenarios, Advanced ECC offers the same protection as ChipKill.

The latest Top 500 supercomputer list just got released. BladeSystem c-Class was well represented once again. With 201 entries (40.2%) of the top 500, it has the most entries of any product line. The ever popular ProLiant BL460c made up the most entries, but we also had strong showings of the BL465c and the two-in-one blade the BL2x220c, and the BL685c 4-way blade made a showing as well. BladeSystem supercomputers are used for university and government research, weather modeling, semiconductor development, automotive, telecom, IT services, web infrastructure, financial services, rendering, and many other applications. I'm sure Dell was excited with their new blades line as well. Since they like to compare their blades with HP BladeSystem, I thought I would share how the two compared on the Top500 list:

HP BladeSystem had 199 more entries in the top 500 list than Dell's new blades

HP had 39.8% more share than Dell's new blades (40.2% vs. 0.4%)

HP had 100.5 times more entries than Dell's new blades

Dell's new blades accounted for two entries. Congratulations Dell!

Okay enough of these comparisons. We're excited to see so many customers from Audi to Zeta and lots of customers in between using BladeSystem. If you would like to see a listing of companies building supercomputers with BladeSystem, go check out the top 500 website listing and sort by vendor.

Moore's law has usually been used to predict general trends in semiconductors. While not exactly a perfect analogy, we have seen trends in interconnect bandwidth increase. Ethernet has seen bandwidth increase ten-fold every few years, with the latest transition to 10Gb. Usually these transitions take a while because the costs to transition are high, and the transition to 10Gb has followed that trajectory - until now.

Yesterday we announced an exciting new technology: Virtual Connect Flex-10. We've figured out a way to deliver 10Gb Ethernet technology at a price lower than what many people are spending on 1Gb technology today. As a result we can help customers get onto 10Gb technology sooner than they otherwise could have done before.

We've noticed that many customers are buying four or more NICs for their servers, sometimes due to bandwidth constraints, other times due to network segmentation or security constraints, and usually for redundancy. As a result, customers spend an awful lot on a bunch of 1Gb networks. We figured out that we could help customers by providing a 10Gb network connection that can be divided into up to four connections, replacing the need for up to four NICs. By doing this we conquer the high price for 10Gb Ethernet connectivity by delivering up to 8 network connections at costs that are less than what many customers pay for four 1Gb connections. At the same time they can allocate more bandwidth for one or more links or maintain the multiple connections they want for security reasons, or do a combination of both. And to top it all off, Virtual Connect takes less space and power too. We think this is very cool.

Bottom line: more bandwidth, more flexibility, less costs and less power. More of what you want and less of what you don't want. We think this is a good combination. This is why we believe the quickest, most affordable way to move to 10Gb is Virtual Connect Flex-10, and the time to do it is now.

I am a member of the Enterprise Group Global Marketing team blogging on topics of interest for HP Servers. Check out blog posts on all four Server blog sites-Reality Check, The Eye on Blades, Mission Critical Computing and Hyperscale Computing- for exciting news on the future of compute.

Luke Oda is a member of the HP's BCS Marketing team. With a primary focus on marketing programs that support HP's BCS portfolio. His interests include all things mission-critical and the continuing innovation that HP demonstrates across the globe.

Network industry experience for more than 20 years - Data Center, Voice over IP, security, remote access, routing, switching and wireless, with companies such as HP, Cisco, Juniper Networks and Novell.